RSA Chief: Last Year's Breach Has Silver Lining

alphadogg writes "Last year's industry-shaking RSA Security breach has resulted in customers' CEOs and CIOs engaging much more closely with the vendor to improve their organizations' security, according to the head of RSA. Discussing the details of the attack that compromised its SecurID tokens has made RSA sought after by companies that want to prevent something similar from happening to them, Executive Chairman Art Coviello said in an interview with Network World. 'If there's a silver lining to the cloud that was over us from April through over the summer it is the fact that we've been engaged with customers at a strategic level as never before,' Coviello says, 'and they want to know in detail what happened to us, how we responded, what tools we used, what was effective and what was not.'"

And did they answer?

[marcosdumay]

Everybody knows that their customers want to know such things because they asked in a quite vocal maner just after the troubles, and werre simply dismissed by RSA. So, now RSA issues a PR stating that their customers want to know if they are secure, and not teling if they gave any answer. Quite funny what some spin can create.

Anyway, why should anybody buy a product from RSA anymore?

Re:its amazing what publicity

[vlm]

You pay them the big dollars because they're supposed to already know what they're doing and have good practice already in place the day you shake hands.

Actually you pay them because its faster / better / cheaper than doing it yourself, not because they are perfect. If 50% of the population is below the median, they only have to achieve a 50% median solution to capture about 50% of the market. The actual percentages are probably much higher, regardless they certainly don't have to be 100% perfect to make money.

The other reason you pay money is to have someone else to blame for the inevitable headaches. As long as your boss yells at them for an outsourced solution instead of you for an insourced solution, that was money well spent.

FTFY

[CanHasDIY]

'If there's a silver lining to the cloud that was over us from April through over the summer it is the fact that we've been getting phone-raped by customers... as never before,' Coviello says, 'and they want to know in detail what the fuck happened, how we fucked up so badly, how the fuck we're going to fix it, and why the fuck they should still be our 'customers'."

The really awesome part...

[Chibi+Merrow]

Is that the worthless corporate scumbags who own the company I work for (and force us to use RSA keyfobs) thought very hard about what to do about this spectacular failure on RSA's part, and came up with this solution: Get new keyfobs from RSA!

RSA's only job was to be trustworthy. None of their technology is a trade secret, and once they produce the fobs there's no need to interact with RSA whatsoever. There IS NO technology to steal on their networks.

And yet they kept the keys. The only purpose served by keeping those keys is allowing someone to decrypt their customers encrypted traffic. The keys are completely unnecessary for any other reason once the fobs have been made. If they're doing their job right, it wouldn't matter if terrorists came in and held a gun to the CEO's head, nevermind if their network was secure. The key fobs do not depend on them in any way to function once they're produced.

Their only job was to be trustworthy, and they have failed spectacularly.

So I'm expecting raises and bonuses all around for the execs, while a couple worker drones (who probably questioned keeping the keys in the first place) get axed. SNAFU.